Policy 96: Internal Audit

Approved Administrative Committee 2216.2

INTERNAL AUDIT

ROLE AND ACCOUNTABILITY

1. Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve the University's operations. It helps the University accomplish its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

2. The scope of work of the Internal Audit Office include assessing management practices ensuring that risks are appropriately identified and managed; interaction with the various governance groups and other control and monitoring functions occurs as needed; programs, plans and objectives are achieved; and, quality and continuous improvement are fostered in the University’s control process.

3. The internal audit program will not merely examine transactions or evaluate detailed controls but will provide value-added recommendations to strengthen the internal control and management assurance frameworks. It will not develop and / or install procedures and systems or engage on any activity which could be construed to compromise its objectivity and independence.

4. The Internal Audit Office reports directly to the President. The President can delegate this responsibility to the Vice-President, Resources.The President, or his delegate, makes decisions concerning the hiring or dismissal of the Director, as well as his or her compensation and performance evaluation, after consulting the Audit Committee Chairperson. The Director of the Internal Audit Office is a permanent invitee of the Audit Committee. The Internal Audit Office must be independent of all programs, functions and operations that are audited.

5. The Internal Audit Office must submit periodic reports on its activities to the President, or to his delegate, to ensure that work plans take into account the evolving risks facing the University. These reports are presented to the Audit Committee at its regular meetings. The Internal Audit Office’s multi-year plan, as well as periodic and annual reports, must be submitted to the Audit Committee for approval.

6. The Director of the Internal Audit Office and the Chairperson of the Audit Committee may consult with each other confidentially at any time.

7. The Audit Committee reserves the right to designate specific tasks to the Director of the Internal Audit Office.

RESPONSIBILITIES

8. The responsibilities of the Internal Audit Office consist of:
• developing a flexible annual audit plan using appropriate risk-based methodology, including any risks or control concerns identified by management, and submit that plan to the President and the Audit Committee for review and approval;
• examining, assessing and recommending on practices, systems and control processes used to manage financial, human and physical resources;
• ascertaining the reasonableness and the extent of compliance with established policies and procedures;
• ascertaining the extent to which University assets are accounted for and safeguarded from losses of all kinds;
• ascertaining the reliability of managerial information developed and distributed within the University;
• ascertaining that minimum standards of control and security are included in manual and / or computerized systems before they are approved for implementation and that these standards are included in policies or procedures under development or revision;
• assessing new or changing functions, services, processes, operations, and control processes coincident with their development, implementation and / or expansion;
• conducting special assignments requested by senior management or the Audit Committee;
• conducting special audits and investigations where fraud, defalcation or other form of irregularity involving University money or property is known or suspected to have occurred;
• reporting the findings of reviews and recommendations to the University entities under review for comments and submitting final reports to the President and the Audit Committee;
• preparing periodic progress and annual reports on Internal Audit activities for submission to the President and the Audit Committee;
• providing information to senior management and the Audit Committee on the sufficiency of Internal Audit resources, and on any imposed scope restrictions;
• coordinating the work of Internal Audit Office with that of the External Auditors;
• maintaining a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Policy;
• establishing a quality assurance program by which the Director assures the operation of internal audit activities.

9. The responsibilities of the unit audited consist of:
• providing access to all documentation and information as requested by the Internal Audit Office in the conduct of its audit;
• developing action plans and implementing the recommendations contained in the audit report or alternatives that meet the objectives of the recommendations;
• providing the Internal Audit Office with details of any completed corrective action.

AUTHORITY AND RELATIONSHIP

10. Internal Audit Office should be given access to all information, systems and physical assets deemed necessary to fulfill its mandate. The Director should have full and free access to the Audit Committee and should allocate resources, set frequencies, select subjects, determines scopes of work, and apply the techniques required to accomplish audit objectives. Internal Audit Office may obtain specialized services from within or outside the University to assist them in the achievement of those objectives.

11. In the performance of their duties, members of the Internal Audit Office are authorized to review managerial correspondence and documents of the University; such may include official minutes of the meetings of the Administrative Committee, minutes of the meetings of the Senate Committee, the Board of Governors, the Board of Governors' standing committees, etc. It will also include any contracts entered into by the University.

12. The Director and the staff of the Internal Audit Office are not authorized to perform any operational duties for the University or its affiliates; to initiate or approve accounting transactions external to the Internal Audit Office; and to direct the activities of a University employee not employed by the Internal Audit Office, except to the extent such employees have been appropriately assigned to auditing teams or to otherwise assist the internal auditors.

EXCEPTION

13. No exception may be made to this policy without the written consent of the Administration Committee.